Defining the Insider Threat


M. Bishop and C. Gates, “Defining the Insider Threat,” Proceedings of the Cyber Security and Information Intelligence Research Workshop, article 15 (May 2008).



Many diverse groups have studied the insider threat problem, including government organizations such as the Secret Service, federally-funded research organizations such as RAND and CERT, and university researchers. In addition, many industry participants are interested in the problem, such as those in the financial sector. However, despite this interest, no consistent definition of an insider has emerged.

We argue that the lack of a consistent definition of an insider hinders research in the detection of threats from insiders. In particular, a definition of an insider is first required in order to ensure that the research is, in fact, detecting threats of the desired type. Further, through the development and use of a consistent definition of insiders, it is possible to then compare different detection approaches to determine the best approach for detecting particular types of insiders.

